Guest user Created: Jul 26, 2019 Last commented: Jul 26, 2019

Cyber attack security controls

I would like to know, which standard is responsible to identify the cyber attack security controls and precaution measures is it ISO-22301 or ISO-27001. In our organisation myself managing the BCM department which is complying to ISO 22301, our IT team is maintaining the ISO 27001, however, their BCP has been developed by us in collaboration with them. The plan is generic, outline the response to any major incident such as loss of power, fire, cyber attack..etc. My new line manager is insisting that it is the BCM department responsibility, I have a doubt and I need some advice.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 26, 2019

Answer:

I'm assuming that your doubt is which standard can provide better guidance in the identification of cyber attack security controls and precaution measures.

Considering that, the standard of choice is the ISO 27001, which provides general recommendations for information security that can be adapted for cyber security.

Regarding definition of responsibilities, business continuity related to ISO 27001 is focused on disaster recovery of IT infrastructur e, so if your organization's needs for business continuity go beyond that (i.e., the potential impacts go beyond information-related issues), probably the responsibility should remain with BCM.

For further information, please see:
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 25, 2019

Expert Advice Community